class PostController < ApplicationController
  before_filter :login_required, :only=>['new', 'create']
  
  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
         :redirect_to => { :controller => '' }

  def new
    @post = Post.new
    @topic = Topic.find(params[:id])
  end

  def create
    @post = Post.new(params[:post])
    @post.topic_id = params[:id]
    @post.user_id = current_user.id
    if @post.save
      flash[:notice] = 'Post was successfully created.'
      redirect_to :controller => 'topic', :action => 'show', :id => params[:id]
    else
      render :action => 'new'
    end
  end

  def edit
    @post = Post.find(params[:id])
  end

  def update
    @post = Post.find(params[:id])
    if @post.update_attributes(params[:post])
      flash[:notice] = 'Post was successfully updated.'
      redirect_to :controller => 'topic', :action => 'show', :id => @post.topic_id
    else
      render :action => 'edit'
    end
  end

  def destroy
    @post = Post.find(params[:id])
    @topic_id = @post.topic_id
    @post.destroy
    redirect_to :controller => 'topic', :action => 'show', :id => @topic_id
  end
end
